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Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1. (CURRENTLY AMENDED): A method of modifying operation of an information system 
comprising: 

modifying a program execution call to first execute a wrapper logic module in user space 

instead of a requested program; 
examining a program execution request in light of one or more conditions; 
selecting an action using said program execution request and said conditions; 
performing said action; and 

selecting a response using one or more of said program execution requests, said conditions 

and results of said action; 
providing said selected response; 

further wherein said conditions are one or more triggering conditions selected from the 

group consisting of: 
program identity; 
process depth; 
process lineage; 
external parameters; 
system resource parameters; 
program execution parameters; 
program execution arguments; 
presence or absence of other processes; 
presence or absence of other programs; 
presence or absence of other files; 
presence or absence of other connections; 
other system conditions or states; 
remotely controlled settings; 
availability of external decision sources; 
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contents, location, fingerprints, time and date stamps, and/or size of one or more of a file, 

a program, available or consumed memory, or input; 
current, historical, and predicted states and state sequences; and 
tags, cryptographic keys, and other locking and control mechanisms and their states. . 

2. (ORIGINAL): The method of claim 1 further comprising: 

providing a wrapper logic module able to receive information about a program execution 
request and able to select and perform an action based on one or more conditions. 

3. CANCELLED 

4. (ORIGINAL): The method of claim 1 further comprising: 

setting a per-process flag indicating that a process is in a state where an program 

execution request should first execute said wrapper logic module; 
performing error checks; 

determining if said requested program would have been executed in normal operation; 
executing a wrapper in place of the original program; and 

providing said wrapper with relevant information regarding the original execution request. 

5. (ORIGINAL): The method of claim 1 further comprising: 
retaining permissions associated with the original program request; 
communicating with other decision processes or programs; 

6. (ORIGINAL): The method of claim 1 further comprising: 

if a decision is made to execute the originally requested program, said wrapper replaces 
itself in a process space with said originally requested program; and 

if a decision is made not to execute the originally requested program, said wrapper causes 
an alternative action to be taken. 

7. (ORIGINAL): The method of claim 1 further wherein said action is one or more actions 
selected from the group consisting of: 

running a requested program; 
refusing to run a requested program; 
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providing a response; 
running a substitute program; 

consulting with other local or remote programs and resources; 

tunneling execution to other environments, systems, or programs through interprocess 

communication, networking technologies, or other communications media; 
dividing execution across platforms for parallelization of tasks or to gain access to 

networked resources transparently to the calling process; 
executing a program in altered environments or contexts such as on other computers, in 

'sandbox' environments, or with altered environmental variables or simulated file 

system, process, memory, and I/O conditions; 
modifying programs or their arguments before execution; 
performing error correction and augmented or altered functions; 
substituting authorized versions of programs for unauthorized versions; 
associating keys to facilitate authorizations, identifications, or other augmented content or 

capabilities; 

encrypting, decrypting, signing, or verifying programs, io, files, and other content; 
sending programs to other devices or systems for encryption, decryption, signatures, or 
verifications; 

adding or removing or modifying tags to facilitate application to tagged architectures and 

similar association methods of control; 
running multiple versions of program and comparing results for redundancy and to assure 

high integrity in critical environments; 
using cached results from previous executions; 

changing prioritizations, locks, and scheduling to alter the normal priorities associated 

with program executions; 
checking preconditions for program execution and automatically invoking necessary 

preconditions to assure proper sequencing of operations and eliminate errors and 

omissions; 

augmenting built-in interpretation mechanisms of programs to handle more complex 
arguments through preprocessing; 
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creating or selecting suitable execution environments for otherwise uninterpretable 
content; 

limiting available resources to a program; 
consuming resources; and/or 
altering privileges of the program. 

8. (ORIGINAL): The method of claim 1 further wherein said response comprises one or 
more deceptive responses that do not correspond to what was actually done by a wrapper. 

9. (ORIGINAL): The method of claim 1 further wherein said wrapper can provide any 
response it is programmed to provide, regardless of what it actually does. 

10. (CURRENTLY AMENDED): A method of modifying operation of an information 
system comprising: 

modifying a program execution call to first execute a wrapper logic module in user space 

instead of a requested program; 
examining a program execution request in light of one or more conditions; 
selecting an action using said program execution request and said conditions; 
performing said action; and 

selecting a response using one or more of said program execution requests, said conditions 

and results of said action; 
providing said selected response; 
The method of claim 1 

further wherein said response is one or more responses selected from the group consisting 
of: 

a real response of the program run; 
never returning; 

appearing to consume resources; 

falsified legitimate responses without actually doing the requested function; 
falsified responses that appear legitimate but are not; 
responses that do not make sense in the context of the execution requested; 
dazzlements that exhaust resources of a calling program or otherwise to cause it to fail; 
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responses to induce the user of a calling program to incorrectly process the resulting 
content; 

responses that induce subsequent programs handling response data to fail to operate 

properly or as expected; 
responses that induce syntactic or semantic errors, resonance, or dissonance in programs, 

people, and systems handling those results; 
illegal, undefined, expected, or unexpected return values; 
audit data for calibration, intrusion detection or other security systems; 
set, alter, control, or interact with other deception mechanisms; 

automated configuration information for calibration of detection mechanisms to particular 
environments; 

combinations and sequences of responses consistent or inconsistent with particular 
environments; and 

responses correlated with other response mechanisms so as to produce an overall 
deception in keeping with a desired deception plan or illusion. 

11. (ORIGINAL): The method of claim 1 further wherein a response can be combined with 
other responses. 

12. (ORIGINAL): The method of claim 1 further wherein a response can be randomly and/or 
selectively generated based on time, use, or other environmental or fixed factors. 

13. (CURRENTLY AMENDED): A computer program product for use in an information 
system comprising: 

a computer useable medium having computer readable program code embodied therein, 

said computer program product further comprising: 
computer readable program code enabling a loadable operating system module able to 

intercept all program execution requests; 
wherein said module, after intercepting a program execution request, initiates logic to 

evaluate said program execution request and determine whether to grant, refuse to 

grant, or falsifies granting said program execution request depending on one or more 

parameters; and 
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wherein said module, after intercepting a program execution request, returns either an 
accurate or an inaccurate response to said request depending on one or more 
parameters; 

further wherein said response is one or more responses selected from the group consisting 
of: 

a real response of the program run; 
never returning; 

appearing to consume resources; 

falsified legitimate responses without actually doing the requested function; 
falsified responses that appear legitimate but are not; 
responses that do not make sense in the context of the execution requested; 
dazzlements that exhaust resources of a calling program or otherwise to cause it to fail; 
responses to induce the user of a calling program to incorrectly process the resulting 
content; 

responses that induce subsequent programs handling response data to fail to operate 

properly or as expected; 
responses that induce syntactic or semantic errors, resonance, or dissonance in programs, 

people, and systems handling those results; 
illegal, undefined, expected, or unexpected return values; 
audit data for calibration, intrusion detection or other security systems; 
set, alter, control, or interact with other deception mechanisms; 

automated configuration information for calibration of detection mechanisms to particular 
environments; 

combinations and sequences of responses consistent or inconsistent with particular 
environments; and 

responses correlated with other response mechanisms so as to produce an overall 
deception in keeping with a desired deception plan or illusion. . 

14. (ORIGINAL): The computer program product of claim 13 further wherein said module 
further comprises: 
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